Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80422ae7-d538-408d-b2b3-68ee6ae98ff6.roa
File:                     80422ae7-d538-408d-b2b3-68ee6ae98ff6.roa (raw, json)
Hash identifier:          DWvhoXmp8Qi2vF0e04sjqm/yCteCehiy9E4Xb77lbhU=
Subject key identifier:   94:CA:74:3D:AC:DD:C9:84:78:86:DE:D6:85:46:F6:B9:B0:F5:AB:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3709C8F760A2ED7DED93B388589BC4D6E5651C5E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80422ae7-d538-408d-b2b3-68ee6ae98ff6.roa
Signing time:             Wed 12 Nov 2025 00:20:46 +0000
ROA not before:           Wed 12 Nov 2025 00:20:46 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        164.145.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:09:c8:f7:60:a2:ed:7d:ed:93:b3:88:58:9b:c4:d6:e5:65:1c:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:20:46 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=ae537c81bf23c6ff5ecd439692e1ad18866310a114217eeb868620d5a38668fe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:38:4d:87:f2:42:2e:a9:f5:20:bb:db:91:ab:
                    67:76:22:f6:7b:e2:5f:cf:1e:b7:19:80:f0:34:59:
                    02:d5:47:01:94:cf:47:6c:32:b0:c8:e6:33:c3:65:
                    84:aa:45:24:56:6a:53:bd:f5:a9:83:b4:75:f3:be:
                    53:2c:c2:2d:da:9c:4c:51:19:4a:71:7e:c6:cb:7a:
                    74:21:95:c2:06:b6:f6:22:cf:4a:95:a1:1a:50:cc:
                    c2:f2:ee:f7:4a:3c:80:1e:dc:ee:72:01:f2:1c:2a:
                    ea:aa:85:5f:57:c5:87:f8:20:fc:b1:16:7f:e0:b4:
                    b7:3a:3d:8a:43:87:29:38:a5:d6:eb:ce:11:2a:7d:
                    bb:a5:89:94:63:b2:7e:94:02:48:96:95:65:34:14:
                    1f:d2:7c:44:4f:b1:bb:21:83:1f:50:c1:26:3b:3b:
                    6e:23:b6:fc:e0:a4:39:80:77:13:77:f1:55:51:96:
                    ee:f7:b9:8f:8f:c6:fd:49:f3:13:79:05:a6:ae:b4:
                    56:0f:06:e5:c2:cb:98:a9:72:b3:52:78:e5:11:c9:
                    c2:99:5e:b7:a2:00:f8:df:c1:54:a7:0c:5e:a3:6d:
                    1e:2a:95:cf:04:44:74:d9:fa:9d:3d:f6:d5:86:8e:
                    0b:55:c8:6a:b5:c5:b3:ad:1f:d0:8f:7e:c3:e0:6e:
                    7c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:CA:74:3D:AC:DD:C9:84:78:86:DE:D6:85:46:F6:B9:B0:F5:AB:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80422ae7-d538-408d-b2b3-68ee6ae98ff6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.145.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         14:3b:7f:56:67:6e:30:a2:bf:0a:e6:d7:15:04:50:0f:11:45:
         38:bb:37:39:06:d9:a2:cf:a4:21:0d:67:7d:5d:03:25:c9:f5:
         0e:d3:af:06:e2:fa:ef:4c:d1:0d:80:9f:d8:11:dd:53:f1:ab:
         ec:35:a5:bd:6a:fc:5c:7b:3d:d6:52:46:f6:0d:9a:6d:9e:12:
         8c:75:e2:a4:bd:df:d2:31:1e:b8:29:5c:f5:13:73:e3:c7:7d:
         d9:3f:ec:e7:2e:9d:4a:48:89:da:4f:e5:5e:b1:ad:39:06:27:
         60:1a:00:c4:11:05:05:ed:fa:0a:1d:30:3c:2b:d6:62:42:cd:
         49:7a:97:1a:0a:fc:19:d9:0b:e4:2d:99:1b:36:c2:21:1f:20:
         44:2d:8e:2e:29:d9:f9:2c:bd:1b:c5:b0:05:43:ce:f1:e2:25:
         80:1c:35:4f:84:02:1c:3c:7d:70:ce:e5:ff:d3:96:22:6d:e1:
         a4:5f:79:38:9a:f6:24:ec:a0:06:b0:67:21:d8:4a:23:a6:f3:
         19:d0:37:62:63:65:7c:41:7c:18:b7:2f:ab:c3:cd:1c:25:61:
         88:f0:03:39:91:06:25:78:ca:ef:44:ee:ce:a5:d8:98:0a:26:
         6b:2d:fe:d7:73:60:30:9f:8a:f6:4e:0b:59:e1:89:17:eb:76:
         3a:89:e8:a6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNwnI92Ci7X3tk7OIWJvE1uVlHF4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAyMDQ2WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTUzN2M4MWJmMjNjNmZmNWVjZDQzOTY5MmUxYWQxODg2
NjMxMGExMTQyMTdlZWI4Njg2MjBkNWEzODY2OGZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoOE2H8kIuqfUgu9uRq2d2IvZ74l/PHrcZgPA0WQLVRwGU
z0dsMrDI5jPDZYSqRSRWalO99amDtHXzvlMswi3anExRGUpxfsbLenQhlcIGtvYi
z0qVoRpQzMLy7vdKPIAe3O5yAfIcKuqqhV9XxYf4IPyxFn/gtLc6PYpDhyk4pdbr
zhEqfbuliZRjsn6UAkiWlWU0FB/SfERPsbshgx9QwSY7O24jtvzgpDmAdxN38VVR
lu73uY+Pxv1J8xN5BaautFYPBuXCy5ipcrNSeOURycKZXreiAPjfwVSnDF6jbR4q
lc8ERHTZ+p099tWGjgtVyGq1xbOtH9CPfsPgbnwtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUlMp0PazdyYR4ht7WhUb2ubD1q3AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgwNDIyYWU3LWQ1MzgtNDA4ZC1iMmIzLTY4ZWU2YWU5OGZmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCkkTANBgkqhkiG9w0BAQsFAAOCAQEAFDt/VmduMKK/CubXFQRQDxFFOLs3
OQbZos+kIQ1nfV0DJcn1DtOvBuL670zRDYCf2BHdU/Gr7DWlvWr8XHs91lJG9g2a
bZ4SjHXipL3f0jEeuClc9RNz48d92T/s5y6dSkiJ2k/lXrGtOQYnYBoAxBEFBe36
Ch0wPCvWYkLNSXqXGgr8GdkL5C2ZGzbCIR8gRC2OLinZ+Sy9G8WwBUPO8eIlgBw1
T4QCHDx9cM7l/9OWIm3hpF95OJr2JOygBrBnIdhKI6bzGdA3YmNlfEF8GLcvq8PN
HCVhiPADOZEGJXjK70TuzqXYmAomay3+13NgMJ+K9k4LWeGJF+t2Oonopg==
-----END CERTIFICATE-----